Overall spam volume unaffected by 3FN/Pricewert's ISP shutdown

Following last week's shutdown of 3FN/Pricewert's operations by the FTC, wishful thinkers expected a major decline in the overall spam volume, with botnet masters once again caught off guard, just as happened in November 2008 with McColo's shutdown.

However, according to numerous vendors that doesn't seem to be the case. The short-lived 15% drop in spam volume quickly returned to its usual proportions, with only two of the big botnets (Pushdo/Cutwail along with Mega-D) affected for the time being.

Here's what the vendors and their data are saying:

According to managed e-mail and web security services vendor MX Logic, following the 3FN/Pricewert shutdown "spam volumes haven't been affected at all", based on data from their Threat Operations Center, where the minor decline is pretty visible prior to the FTC's press release on the 4th of June.

The company attributes the lack of visible effect on the overall spam volume to the contingency planning applied by the botnet masters, as well as to the lack of more effective cooperation with the increasingly decentralized domain registrars, which increases the average time a malicious domain remains online.

Marshal8e6's TRACElabs team points out that "looking at our Spam Statistics from last week, we do see a dip down of about 15% in our Spam Volume Index (SVI), and spam originating from the Pushdo botnet indeed seems to be affected. The proportion of spam from Pushdo has dipped, along with Mega-D. Rustock seems completely unaffected."

On the very same day, the affected Pushdo botnet spammed a fake greeting card to distribute the Privacy Center scareware, in an apparent attempt to signal its existence.

This modest decline can also be seen in daily spam data obtained from Cisco IronPort's SenderBase, with the global spam volume clearly declining on June 5th with a -8% fluctuation, followed by another -22% decline on the 6th. However, the daily volume then quickly returned to its usual rate.

"At first, our technicians thought something was going wrong," said Christopher, about the sudden shutdown. He said the FTC "has ruined our reputation" and has caused loss of customers. Christopher, who says he is from Ukraine, added that he hopes the firm isn't being targeted because it has associations with Ukraine, which has gotten a bad reputation in some circles for malware distribution and online crime.

The firm is targeted due to its evident connections with key botnets and malware attacks; however, it appears that several ICQ chats obtained by the FTC offered a pretty descriptive insight into the customer relationship management practices offered by 3FN/Pricewert:

"In one of the chats obtained by the FTC, Pricewert's Head of Programming is engaged in a conversation with a customer regarding the number of compromised computers the customer controls. The customer informs Pricewert that he controls 200,000 bots and needs assistance configuring the botnet. The head of Pricewert's Programming Department agrees to assist, but complains upon learning of the size of the botnet that it will require a lot of work. In a second chat, a Senior Project Manager for Pricewert is told by a customer that the customer controls a massive and rapidly growing network of bots. Pricewert's Sales Director reassures the customer that 'Well, we know how to manage it.'"